Contact Picker Becomes the New Standard for App Access
Google is requiring apps to use the Android Contact Picker as the primary method for accessing contact information. This tool lets users share only specific contacts rather than granting blanket access to their entire contact list. According to Bennet Manuel, Group Product Manager for App and Ecosystem Trust, the shift addresses privacy concerns head-on.
The READ_CONTACTS permission will be reserved exclusively for apps that cannot function without continuous access to the full contact database. Apps targeting Android 17 and above must remove READ_CONTACTS when using the Contact Picker and should explore privacy-focused alternatives like Sharesheet for sharing workflows. Developers unable to meet this requirement must submit a Play Developer Declaration justifying their need for persistent contact access.
Location Button Streamlines One-Time Precise Location Requests
Android is introducing a streamlined location button for temporary, one-time precise location access, such as finding a nearby store or tagging a photo location. This button replaces blanket location permission requests and gives users explicit control over what information they share and for how long.
Apps requiring persistent location tracking can continue requesting always-on access. However, developers must audit their location usage and implement the onlyForLocationButton flag in their manifest if precise location is only needed temporarily and the app targets Android 17 and above. Apps requiring persistent precise location must submit a Play Developer Declaration.
Pre-Review Checks and Developer Guidance Launch in October
Starting October 27, the Play Console will include new pre-review checks that flag potential contact or location permission policy violations before apps are submitted for official review. This gives developers time to fix issues proactively. Additionally, Play Policy Insights in Android Studio will help developers determine whether their apps should adopt the new Contact Picker and location button features.
The dual-track approach aims to reduce review rejections and create a more predictable submission experience. Developers have until October to familiarize themselves with these requirements and update their apps accordingly.
Account Transfer Feature Protects Against Fraudulent Takeovers
Google Play Console now includes an official account transfer feature designed to prevent fraud during ownership changes. Starting May 27, developers must use this feature for any account transfers related to business sales or mergers. Unofficial transfers, such as sharing login credentials or trading accounts on third-party marketplaces, are prohibited.
Every transfer includes a mandatory 7-day security cool-down period, allowing teams to detect and cancel unauthorized account takeover attempts. Developers initiate transfers through the “Users and permissions” page in Play Console.
What Developers Need to Do Now
Developers should begin auditing their apps immediately. Review contact and location permission usage, identify which features genuinely require persistent access, and plan migrations to Contact Picker and the location button. Document any justifications for ongoing permissions in preparation for Play Developer Declarations.
Android apps targeting older versions have more time, but those aiming for Android 17 face October deadlines. The combination of pre-review checks, policy guidance, and enforcement deadlines signals Google’s commitment to tightening privacy controls across the ecosystem. Developers who delay face increased review friction and potential app rejection.
Follow Hashlytics on Bluesky, LinkedIn , Telegram and X to Get Instant Updates
